Curve DAO (CRV) price drops as Curve Finance battles DNS attack

Curve Finance DNS hijack redirected users to a malicious clone site.
CRV price has slid about 7.7% as investors panicked and dumped tokens.
Curve Finance plans migration from DNS to ENS to enhance front-end security.

Late on May 12, Curve Finance warned in an X post that its “curve.fi” domain might be hijacked, and users were urged to avoid the site altogether.

Seems like https://t.co/vOeMYOTq0l DNS might be hijacked. Don’t interact!

— Curve Finance (@CurveFinance) May 12, 2025

According to an update issued by Curve Finance on X, the attackers rerouted the official Curve website’s DNS entries to a front-end clone designed to drain wallets through a deceptively simple drainer link embedded in the page.

While the platform’s smart contracts remain unaffected and secure, the compromised domain now points to an IP address controlled by malicious actors.

Wallet providers such as Phantom swiftly responded by blocking the “curve.fi” address and displaying prominent warnings to users attempting to connect.

Following the attack, Curve Finance has opened a full investigation, engaging security partners and its domain registrar to recover control and restore the genuine site.

Curve DAO (CRV) token price dips

In the wake of the DNS attack, CRV’s price has slipped to around $0.7231 on the CoinMarketCap live chart, marking a 7.7% decline over the past 24 hours as panic spread among investors.

As the price drops, trading volume has surged to over $188 million as holders raced to exit positions amidst the unfolding security crisis.

In addition, the token’s market capitalisation has fallen to roughly $973.1 million, underscoring the tangible impact of off-chain vulnerabilities on on-chain assets.

Although Bitcoin’s own retreat from $105,000 to $102,000 contributed to some downward pressure, analysts agree that the DNS incident served as the primary catalyst for the Curve DAO (CRV) sell-off.

Technical indicators show CRV revisiting price ranges last seen prior to the recent China-US trade deal, reflecting heightened volatility and investor concern.

It’s the second time Curve Finance is facing a DNS attack

The May 13 attack marks Curve Finance’s second front-end DNS breach, following a similar incident in July 2023 when around $61 million was siphoned before containment.

On that occasion, Binance froze more than $450,000 after the culprit attempted to launder funds through its exchange, while Fixed Float recovered about 112 ETH.

Curve subsequently changed DNS providers and advised users to revoke all approvals tied to the compromised domain, but front-end risk remained unaddressed.

The protocol’s social media channels have also been targeted, with its X account briefly hijacked on May 5 to post phishing links before being reclaimed on May 6.

Yesterday, the official @CurveFinance X account was compromised. As you already know, access has been fully restored.

To clarify: the incident was limited strictly to the X account. No other Curve accounts were affected. No security issues were found on our side, no user funds… https://t.co/8bci75uZGr

— Curve Finance (@CurveFinance) May 6, 2025

While Curve Finance has reiterated that no user funds were impacted, the cumulative sequence of breaches has eroded user trust in the platform’s external infrastructure.

Users have voiced frustration at Curve’s inability to secure its public-facing layers despite robust on-chain protocols, with one commenter noting that “secure contracts don’t matter much when the domain itself is the weak link.”

Security experts emphasise that front-end vulnerabilities pose existential risks for DeFi, as wallet connections and transaction approvals are mediated through user interfaces.

Industry peers are monitoring Curve’s remediation efforts closely, understanding that a successful ENS migration could set a new standard for protocol security.

Meanwhile, investors are watching CRV’s performance for signs of recovery or further downside, with broader market conditions also playing a critical role.

Curve Finance to move from DNS to ENS

In response to the latest attack, Curve Finance confirmed plans to ditch traditional DNS in favour of the Ethereum Name Service (ENS) for its human-readable addresses.

Unlike DNS, ENS utilises smart contracts on Ethereum’s blockchain to manage naming, eliminating reliance on centralised registrars and hosting providers.

By transitioning to ENS, Curve aims to bolster front-end security and minimise the attack surface that allowed malicious actors to hijack its domain.

The switch to “curve.finance” under ENS governance represents a structural shift toward decentralisation beyond simply smart contracts.

As Curve Finance diligently works to restore its official website and complete its ENS transition, CRV’s price trajectory remains uncertain in the near term.

For now, CRV investors must navigate heightened volatility and evolving security measures as Curve Finance battles back from another front-end exploit.